summaryrefslogtreecommitdiff
path: root/net/netfilter/nft_quota.c
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2016-09-02 21:00:58 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2016-09-07 11:00:56 +0200
commitdb6d857b819a00627a3bd911f49ee3156766bba8 (patch)
treed4283a93851b15343a90b02fddb1437c3db939af /net/netfilter/nft_quota.c
parent0d9932b2875f568d679f2af33ce610da3903ac11 (diff)
netfilter: nft_quota: fix overquota logic
Use xor to decide to break further rule evaluation or not, since the existing logic doesn't achieve the expected inversion. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nft_quota.c')
-rw-r--r--net/netfilter/nft_quota.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nft_quota.c b/net/netfilter/nft_quota.c
index 6eafbf987ed9..92b6ff16dbb3 100644
--- a/net/netfilter/nft_quota.c
+++ b/net/netfilter/nft_quota.c
@@ -33,7 +33,7 @@ static void nft_quota_eval(const struct nft_expr *expr,
{
struct nft_quota *priv = nft_expr_priv(expr);
- if (nft_quota(priv, pkt) < 0 && !priv->invert)
+ if ((nft_quota(priv, pkt) < 0) ^ priv->invert)
regs->verdict.code = NFT_BREAK;
}